[stable-em-only] Add CVE-2023-2088 warning
The Cinder project team does not intend to backport a fix for CVE-2023-2088 to stable/train, so add a warning to the README so that consumers are aware of the vulnerability of this branch of the cinder code. Change-Id: I1621e3d3d9272a7a25b2d9d9e6710efb6b637a89 Related-bug: #2004555
This commit is contained in:
parent
a19c1c9ed8
commit
299553a4fe
16
README.rst
16
README.rst
|
@ -11,6 +11,22 @@ Team and repository tags
|
||||||
CINDER
|
CINDER
|
||||||
======
|
======
|
||||||
|
|
||||||
|
.. warning::
|
||||||
|
The stable/train branch of cinder does not contain a fix for
|
||||||
|
CVE-2023-2088_. Be aware that such a fix must span cinder, os-brick,
|
||||||
|
nova, and, depending on your deployment configuration, glance_store
|
||||||
|
and ironic. *The Cinder project team advises against using the code
|
||||||
|
in this branch unless a mitigation against CVE-2023-2088 is applied.*
|
||||||
|
|
||||||
|
.. _CVE-2023-2088: https://nvd.nist.gov/vuln/detail/CVE-2023-2088
|
||||||
|
|
||||||
|
References:
|
||||||
|
|
||||||
|
* https://nvd.nist.gov/vuln/detail/CVE-2023-2088
|
||||||
|
* https://bugs.launchpad.net/cinder/+bug/2004555
|
||||||
|
* https://security.openstack.org/ossa/OSSA-2023-003.html
|
||||||
|
* https://wiki.openstack.org/wiki/OSSN/OSSN-0092
|
||||||
|
|
||||||
You have come across a storage service for an open cloud computing service.
|
You have come across a storage service for an open cloud computing service.
|
||||||
It has identified itself as `Cinder`. It was abstracted from the Nova project.
|
It has identified itself as `Cinder`. It was abstracted from the Nova project.
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue